Cloud Computing = Loss of Confidentiality?
Interesting excerpt from article in ITWorldCanada:
“Adi Shamir, a computer science professor at Israel’s Weizmann Institute of Science and also the “S” in the RSA encryption algorithm, warned against trusting cloud computing services for the same reason he suspects the confidentiality of transmissions over telecom networks and the Internet. He says the phone systems are secure, but that major crossroads in their networks are tapped by the NSA. “There’s a pipe out of the back of an office at AT&T in San Francisco to NSA,” he said.
Government access to assets entrusted to public cloud providers will be similar, he says. He suspects in some cases cloud providers will be companies influenced by government spy agencies, similar to the way Crypto AG security gear gave the NSA backdoor access to encrypted messages sent by foreign governments that had bought the gear. “Please don’t use Cloud AG,” he said.”
So not only do you have to worry about who else is in the cloud with your data and what controls the server provider has in place to secure your data, but whether the government not will have unfettered to all your organizations’ data without your knowledge. They did it with phone records, so…..
|
William J McBorrough is a Security Expert with many years of success Managing, Designing, and Implementing medium and large enterprise Physical and Information Technology Security Solutions. His experience spans the spectrum from small e-commerce start-ups to multi-campus state and federal agencies to global financial sector organizations. He is on the faculty of various universities including University of Maryland University College, EC-Council University, George Mason University and Northern Virginia Community College where he conducts research and teach graduate and undergraduate courses relating to cybersecurity, cybercrime, cyberterrorism, and information security and assurance. He holds a Bachelors of Science in Computing Engineering with a concentration in digital networks and a Masters of Science in Information Security and Assurance. He is a Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified in Risk Information System Control (CRISC), and Certified Ethical Hacker (CEH).He is well versed in personnel, systems and network security risk management. His core competencies include Developing cost effective solutions to enable mission assurance in the following areas: Enterprise Risk Management, IT Governance, Security Organization Development, Information Security and Assurance
|
Related posts:
- The real arguments for Cloud Computing
As more vendors dive into the cloud computing market, every possible claim regarding the supposed benefits of moving to a cloud-based service is being made. I ran across an article... - Are you ready for Cloud Computing?
As a final research project for my most recent class, I assigned the task of outlining some of the security issues associated with moving to a cloud based solution for... - Cloud Security Alliance
For more information on Cloud Computing Security, a good resource is the Cloud Computing Alliance, a “non-profit organization formed to promote the use of best practices for providing security assurance... - Exploring Cloud Computing Information Leakage
If you are in cloud computing security (or part of an organization with infrastructure in a public cloud), this paper is a must read. As more organizations seek to realizes...